5 matches found
CVE-2018-19596
Zurmo 3.2.4 allows HTML Injection via an admin's use of HTML in the report section, a related issue to CVE-2018-19506...
CVE-2018-19596
Zurmo 3.2.4 allows HTML Injection via an admin's use of HTML in the report section, a related issue to CVE-2018-19506...
FortiManager and FortiAnalyzer Persistent XSS vulnerability
When a low privileged user uploads images in the report section, the filenames are not properly sanitized; this potentially enables stored XSS attacks...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.50.46.5 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj62924...
Cisco Secure Access Control Server Dashboard Page Cross-Site Request Forgery Vulnerability
A vulnerability in the Dashboard page in the monitoring and report section of Cisco Secure Access Control Server could allow an unauthenticated, remote attacker to perform a cross-site request forgery CSRF attack. The vulnerability is due to the improper generation and validation of the CSRF toke...